[14117] in cryptography@c2.net mail archive
Re: fyi: bear/enforcer open-source TCPA project
daemon@ATHENA.MIT.EDU (Sean Smith)
Tue Sep 9 11:07:34 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com
In-Reply-To: Your message of "Mon, 08 Sep 2003 16:54:32 PDT."
<Pine.LNX.4.50L0.0309081651120.876-100000@bolt.sonic.net>
From: Sean Smith <sws@cs.dartmouth.edu>
Reply-To: Sean Smith <sws@cs.dartmouth.edu>
Date: Tue, 09 Sep 2003 10:13:06 -0400
>
> >How can you verify that a remote computer is the "real thing, doing
> >the right thing?"
>
> You cannot.
Using a high-end secure coprocessor (such as the 4758, but not
with a flawed application) will raise the threshold for the adversary
significantly.
No, there are no absolutes. But there are things you can do.
> The correct security approach is to never give a remote machine
> any data that you don't want an untrusted machine to have.
So you never buy anything online, or use a medical facility
that uses computers?
--
Sean W. Smith, Ph.D. sws@cs.dartmouth.edu
http://www.cs.dartmouth.edu/~sws/ (has ssl link to pgp key)
Department of Computer Science, Dartmouth College, Hanover NH USA
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
